dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Thu Mar 27, 2014 7:04 am Post subject: ACL has no effect. |
|
|
I've added users and groups to the ACL, but they seem to get ignored. They have no effect at all. Even the default user/group/other permissions have no effect.
Code: |
getfacl ACL/
# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:user:de:---
default:group::rwx
default:mask::rwx
default:other::rwx |
Code: |
de@DESKTOP_MINER ~ $ cd ACL/; ls
dir file |
So default:user:de:--- is being ignored.
I invert the situation --
Code: |
getfacl ACL/
# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::---
default:user::rwx
default:user:de:rwx
default:group::rwx
default:mask::rwx
default:other::--- |
To get --
Code: |
$ cd ACL/; ls
bash: cd: ACL/: Permission denied |
|
|
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Fri Mar 28, 2014 2:34 am Post subject: |
|
|
Hummm...
I see this is NOT normal behavior.
Unfortunately, the same thing happens with that Fedora VM which is installed on ext4.
|
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Fri Mar 28, 2014 8:23 am Post subject: |
|
|
Perhaps "ls" does too much itself:
It explores the old 4byte posix allowances, before it tries to get the requested info from the kernel? |
|
|
|
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Fri Mar 28, 2014 8:34 am Post subject: |
|
|
ulenrich wrote: | Perhaps "ls" does too much itself:
It explores the old 4byte posix allowances, before it tries to get the requested info from the kernel? |
The permission should be enforced by the kernel. No use if a non-root user can modify them.
|
|
|
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Fri Mar 28, 2014 10:24 am Post subject: |
|
|
I tried to open the dir using dolphin, but that too says access denied.
|
|
|
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Sat Mar 29, 2014 3:37 am Post subject: |
|
|
Resolving to the kernel mailing list.
|
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Sat Mar 29, 2014 9:04 am Post subject: |
|
|
Please report back, I always wanted to know
how these ACLs are supposed to function ... |
|
|
|
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Sun Mar 30, 2014 4:55 pm Post subject: |
|
|
I contacted the ACL utils devs and they asked me to read the acl(5) man page.
Now I clarify -- it works.
|
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Mon Mar 31, 2014 2:30 pm Post subject: |
|
|
dE_logics wrote: | it works. |
What did you do wrongly? |
|
|
|
py-ro Veteran
Joined: 24 Sep 2002 Posts: 1734 Location: Velbert
|
Posted: Tue Apr 01, 2014 10:04 am Post subject: |
|
|
The "old" Posix bytes are the max you can get with ACLs, it is like an upper limit. If it says like 600, even an ACL can't allow anyone other than the user to read or write it. |
|
|
|
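The access check that acl(5) describes, run over the two getfacl listings from the first post plus one masked ACL, as an added example that is not part of the thread. Per acl(5), `default:` entries are only inherited by objects created inside the directory and play no part in access checks on the directory itself, and the mask caps named-user and group entries. Assumptions: de is not a member of group root, root's capability override is not modelled, and the function names and the MASKED sample are constructed for illustration.

```python
# Added example, not from the thread: the access check from acl(5),
# evaluated over getfacl-style text. Only r/w/x bits are modelled.
BITS = {"r": 4, "w": 2, "x": 1}

def parse_acl(text):
    """Return (access_entries, default_entries) as lists of (tag, name, bits)."""
    access, default = [], []
    for line in text.splitlines():
        line = line.split("#")[0].strip()      # drop header and "#effective" comments
        if not line:
            continue
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        tag, name, perms = line.split(":")
        target.append((tag, name, sum(BITS.get(c, 0) for c in perms)))
    return access, default

def may_access(acl_text, owner, owning_group, user, groups, want):
    """True if `user` (member of `groups`) is granted every bit in `want`."""
    access, _inherit_only = parse_acl(acl_text)  # default: entries are not consulted
    def find(tag, name=""):
        return [b for t, n, b in access if t == tag and n == name]
    mask = (find("mask") or [7])[0]              # no mask entry: nothing is masked
    if user == owner:
        return find("user")[0] & want == want    # owner entry is never masked
    if find("user", user):
        return find("user", user)[0] & mask & want == want
    matched = [b & mask for t, n, b in access if t == "group"
               and (n in groups or (n == "" and owning_group in groups))]
    if matched:                                  # any one matching group entry suffices
        return any(b & want == want for b in matched)
    return find("other")[0] & want == want

# The two ACLs from the first post (file/owner/group header lines omitted).
FIRST = """user::rwx\ngroup::rwx\nother::rwx
default:user::rwx\ndefault:user:de:---\ndefault:group::rwx
default:mask::rwx\ndefault:other::rwx"""
SECOND = FIRST.replace("other::rwx", "other::---").replace("user:de:---", "user:de:rwx")
# Constructed: a named access entry for de, capped by the mask.
MASKED = "user::rw-\nuser:de:rwx\ngroup::---\nmask::r--\nother::---"

if __name__ == "__main__":
    for label, acl in (("first", FIRST), ("second", SECOND), ("masked", MASKED)):
        print(label, {p: may_access(acl, "root", "root", "de", {"de"}, BITS[p]) for p in "rwx"})
```

In both listings from the first post de falls through to the `other` entry, which matches the observed results; a rule for de only takes effect on the directory when it is an access entry (`user:de:...` without the `default:` prefix).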
dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2253 Location: $TERM
|
Posted: Fri May 16, 2014 4:49 am Post subject: |
|
|
ulenrich wrote: | dE_logics wrote: | it works. | What did you do wrongly? |
Now I don't remember (my mail box is full, I didn't read your reply).
There was some misunderstanding with the concepts.
|
|
|
|